On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Gauravaram, Praveen & Knudsen, Lars R. (2009) On Randomizing Hash Functions to Strengthen the Security of Digital Signatures. In Advances in Cryptology - EUROCRYPT 2009. Springer, Berlin, pp. 88-105.

View at publisher


Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Impact and interest:

7 citations in Scopus
Search Google Scholar™
7 citations in Web of Science®

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

ID Code: 81638
Item Type: Book Chapter
Keywords: Digital signatures, Hash functions, Davies-Meyer, RMX
DOI: 10.1007/978-3-642-01001-9_5
ISBN: 978-3-642-01001-9
ISSN: 1611-3349
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2009 Springer Berlin Heidelberg
Deposited On: 05 Feb 2015 05:23
Last Modified: 30 Oct 2015 16:07

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page